CVE-2022-32549— log injection in Sling logging

EPSS 2.86% · P86 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-32549

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

log injection in Sling logging

Source: NVD (National Vulnerability Database)

Vulnerability Description

Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

日志输出的转义处理不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

Apache Sling 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Apache Sling是美国阿帕奇（Apache）基金会的一个 Java 平台的开源 Web 框架。旨在在符合 JSR-170 的内容存储库（例如 Apache Jackrabbit ）上创建以内容为中心的应用程序。 Apache Sling Commons Log 5.4.0版本及之前版本、Apache Sling API 2.25.0版本及之前版本存在安全漏洞，该漏洞源于易受日志注入攻击。攻击者利用该漏洞通过注入虚假日志和可能损坏的日志文件来掩盖跟踪。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Apache Software Foundation	Apache Sling	Apache Sling API ~ 2.25.0	-

II. Public POCs for CVE-2022-32549

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-32549

请登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: Apache Sling

Same vendor: Apache Software Foundation

Same weakness: CWE-117

V. Comments for CVE-2022-32549

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-32549— log injection in Sling logging

I. Basic Information for CVE-2022-32549

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-32549

III. Intelligence Information for CVE-2022-32549

IV. Related Vulnerabilities

V. Comments for CVE-2022-32549

Leave a comment